The Lazarus Group, linked to North Korea, has initiated a campaign using fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware. According to Bitdefender, victims receive enticing messages about remote work opportunities. Once engaged, they are asked for a CV or GitHub links, which helps the attackers collect personal data. Subsequently, the victim is directed to a GitHub repository containing malware disguised as a decentralized exchange project. This malware can steal information from cryptocurrency wallets and maintain persistent remote access, showcasing the adaptability of the group's methods.
The Lazarus Group is using fake LinkedIn job offers to spread malware targeting multiple operating systems, highlighting the blend of social engineering and technical exploitation.
The attack manipulates job seekers by requesting personal information that serves the dual purpose of data harvesting and creating a false sense of legitimacy.
Following the initial engagement, the threat actor, posing as a recruiter, directs the victim to a malicious GitHub repository containing a DEX project that harbors malware.
Bitdefender has linked this campaign to broader tactics seen in the Contagious Interview activity cluster, underscoring the evolving nature of cyber threats.